XMPP / Jabber

Skype

Location

Interests

Hi all, I've followed the instructions at https://airvpn.org/topic/11431-using-airvpn-with-linux-from-terminal/ in order to set up my account. This works fine and leak-free, when my local networks gives me an IPv4 address -- but if I get an IPv6 address, that address is leaked to remote sites according to https://ipleak.net/ . How do I prevent that? Thanks, Chris

Hello all, This is collection from different tutorials which I will refer here, but usually changed since some things changed. Setting up VPN on Synology is modified neolefort tutorial from here and reconnect script if from sundi which you can find here, which probably modified this script, plus my iptables for blocking Synology on router level when VPN fails. Other contributions: foobar666 - you no longer need to enter variables manually _sinnerman_ - fixed script for DS 6.1 I'm doing this mostly because I usually forget things I managed to solve after year or two, so this is way to have constant reminder how it was solved and also help others. 1. Get your certificates from AirVPN. Go to the https://airvpn.org/generator/ page to generate the configuration file. (1) SELECT LINUX OS (2) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT In original tutorial, neolefort said to choose 1 server, because in that case you will get IP instead of xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing VPN connection. (3) SELECT the Advanced Mode (refer to section "connection modes") -select Direct, -protocol UDP, -port 443 -Separate keys/certs from .ovpn file You can choose any combination of protocol/port, but then also change iptables accordingly if you are using failsafe script. (4) ACCEPT THE RULES OF AIRVPN Tick the two checkboxes : I have read and I accept the Terms of Service I HEREBY EXPLICITLY ACCEPT POINTS 8, 10, 11 Then click on the GENERATE button. (5) Click on the ZIP button in order to download the AIRVPN configuration files and unzip them anywhere on your computer The ZIP archive should contain the following files: -AirVPN_XXXXX_UDP-443.ovpn -ca.crt -user.crt -user.key -ta.key 2. Setup AirVPN on Synology. In new DSM 6 it's much more easier since Synology developers allowed everything in GUI now. - Login as admin or with user from Administrator group. - Open Control panel. - Go "Network" and click on tab "Network Interface" - Click on button "Create" - "Create VPN profile" - Choose "OpenVPN (via importing .ovpn file) - Click "Advanced options" so it shows all options - Profile name: anything you want, but please keep is short and if you can without spaces " ", for example "AirVPN". - User name: Enter your username (anything you want, or you can enter AirVPN username) - Password: Enter your password (anything you want, or you can enter AirVPN password) - Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn - CA certificate: click button and import your ca.crt - Client certificate: click button and import your user.crt - Client key: click button and import your user.key - Certificate revocation: LEAVE EMPTY - TLS-auth key: click button and import your ta.key - Click "Next" - Select all options, EXCEPT "Enable compression on the VPN link" (well, you can select that also if you really want, but don't ) Now you have working OpenVPN link on your Synology DS6+. You just need to start it from "Control panel" - "Network" - "Network Interface". EXTRAS!!! 3. Setting up external access to your Synology. First what you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!" I will not explain port fowards on your router here, if you don't know how to make one, learn! (1) You can port forward trough AirVPN webpage and access your Syno via VPN exit IP. This sometimes works, most of times it doesn't since Syno has some ports you cannot change. Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similliar things. (2) If you want to access Syno via you ISP IP (WAN), then problem is, your Syno is receiving your connection, but it's replying trough VPN. That's a security risk and those connections get droped. But there is solution! - Access "Control panel" - "Network" - "General" - Click "Advanced Settings" button - Mark "Enable multiple gateways" and click "OK" and then "Apply" You're done! It's working now (if you forwarded good ports on your router). 4. Prevent leaks when VPN connection on Synology fails. There will be time, when you VPN will fail, drop, disconnect, and your ISP IP will become visible to world. This is one of ways you can prevent it, on router level. For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you steps for Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router. Since Shibby version 129 for ARM routers, syntax of iptables changed and depending on which version of iptables you are using, apply that code. - Login to your router (usually just by entering 192.168.1.1 into your browser, if your IP is different, find out which is your gateway IP). - Click on "Administration" - Click on "Scripts" - Choose tab "Firewall" For Shibby v129 for ARM and later (iptables 1.4.x) us this: #Use this order of commands because it executes in reverse order.
#This command will execute last, it kills all UDP requests.
iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT
#This command will execute second and will block all TCP source ports except those needed for web access or services
iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport ! --sports 5000,5001,6690 -j REJECT
#This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP
iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT
For earlier Shibby versions and later for MIPS routers:#Use this order of commands because it executes in reverse order.
#This command will execute last, it kills all UDP requests.
iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT
#This command will execute second and will block all TCP source ports except those needed for web access or services
iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport --sports ! 5000,5001,6690 -j REJECT
#This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP
iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT
Port TCP 5000 = HTTP for for Synology web access (change to your if it's not default)Port TCP 5001 = HTTPS for for Synology web access (change to your it's not default) Port TCP 6690 = Cloud Station port Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using TCP port, then you need to change "-p udp" to "-p tcp" in that line. If you need more ports, just add them separated by comma ",". If you want port range, for example 123,124,125,126,127, you can add it like this 123:127. Change IP 192.168.1.100 to your Synology LAN IP. Be careful NOT TO assign those ports to your Download Station on Synology. This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use TCP port for VPN, then those chances increase. If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server. You need to find that server entry IP and change last IPTABLES rule to something like this: iptables -I FORWARD -p udp -s 192.168.1.100 -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT
Where 123.456.789.123 is AirVPN server entry IP. This will allow UDP 443 only for that server, rest will be rejected by router. These are all my opinions, from my very limited knowledge, which may be right and may be wrong. 5. Auto reconnection when VPN is down. Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working. In those cases you can use this auto reconnect script. This is reconnect script. Save it in file named whatever you want. I'm using file name "synovpn_reconnect". All instructions how to use it are inside script in comments, but I will repeat them in this post also. #VPN Check script modified Sep 11, 2016
#Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP.
#If VPN is not up it will report it in the log file and start it
#Change LogFile path to your own location.
#Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect"
#Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect"
#After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond"
#!/bin/sh
DATE=$(date +"%F")
TIME=$(date +"%T")
VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")
LogFile="/volume1/video/Backup/airvpn/check_airvpn_$DATE.log"
PUBIP=$(curl -s -m 5 icanhazip.com)
#PUBIP=$(curl -s -m 5 ipinfo.io/ip)
#PUBIP=$(curl -s -m 5 ifconfig.me)
CHECKIP=$(echo $PUBIP | grep -c ".")
start_vpn()
{
echo "VPN is down. Attempting to (re)start now." >> $LogFile
/usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME
echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
/usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile
}
sleep 6
echo "======================================" >> $LogFile
echo "$DATE $TIME" >> $LogFile
if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
then
if [ "$CHECKIP" == 1 ]
then
IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')
UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")
echo "VPN is up since: $UPTIME" >> $LogFile
echo "Session Data RX: $RXDATA" >> $LogFile
echo "Session Data TX: $TXDATA" >> $LogFile
echo "VPN IP is: $IPADDR" >> $LogFile
echo "WAN IP is: $PUBIP" >> $LogFile
else
start_vpn
fi
else
start_vpn
fi
exit 0
(1) Enable SSH on your Synology if you didn't already. - As admin go to "Control panel" - "Terminal & SNMP" (you need to enable advanced mode in top right corner of control panel for this) - Check "Enable SSH service" - Click "Apply" (2) Save script above in file "synovpn_reconnect". Make sure to save it in UNIX UTF8, not windows. You can do that on windows with Notepad++, just open file with Notepad++, click "Encoding" - "Convert to UTF-8 without BOM" and them save file. (3) Edit script variables so it works for your system. You only need to edit this part: LogFile="/volume1/video/Backup/airvpn/check_airvpn_$DATE.log"
Thanks to foobar666, you no longer need to enter VPNID or VPNNAME, it will detect them automatically. Now you only need to change your LogFile variable to match your wishes. After you finish editing script, save it. (4) Move or copy "synovpn_reconnect" to your Synology shared drive. Doesn't matter which, just be sure to know full path to it. If you only have 1 volume/drive, with multiple shared folders, your path should look similar to this: /volume1/shared_folder_name/your_path/
So for example, if you keep your files in default CloudStation folder, your path should look something like this:/volume1/home/your_username/CloudStation/
You can also do all this with VI, check original tutorial for that. (5) Now use Putty if you are on windows, or your terminal on linux, to access your Synology via SSH. I will not tutor you how to do that, learn. admin@192.168.1.100 or username@192.168.1.100 + password, or whatever your Syno LAN IP is. (6) Now type this into Putty/terminal: sudo chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect
You need to chmod it to be executable. You will notice I use "sudo". It's because my admin username isn't default "admin". If you are using default "admin" user, then you probably don't need sudo. (7) Setup cron so it automatically starts your script every X minutes / hours / days. To setup it enter this: vi /etc/crontab
And then press "i" to enter editing mode. Go to last line, and start new line with this:*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect
Note that those ARE NOT spaces, those are TABS. This will start your script every 10 minutes. Change to whatever you want.Then press ESC key, and then type: :wq
To exit VI and save file. After that type: /usr/syno/sbin/synoservicectl --restart crond
To restart cron (or restart your Synology). Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script. That's all. If you entered everything correctly, you should be fine and ready to go! Comments are welcome. If you find mistakes, please correct me.

When using VPN on Linux with openvpn I get 3 DNS adresses on ipleak.net. 1. AirVpn-Server Exit Ipv4, 2. AirVpn-Server Exit Ipv6 and 3. the residential address of my ISP. Note: This is not my own home IP, but rather the one by my ISP. Should I be worried? Ipv6 is disabled.

Hi, I'm using Eddie 2.13.6 on Debian. In the fall, I received a DMCA notice when I accidentally launched my torrent client while AirVPN was not running. To avoid this mistake in the future, I set the qBittorrent configuration setting "Network Interface" to tun0. The other day, I was having trouble accessing a website and thought they might be throttling/blocking the AirVPN server I was using, so I temporarily disconnected AirVPN and disabled the network lock. It seems that qBittorrent leaked over my wlan0 interface during this time, since I received another DMCA notice. Any suggestions on how I might safely configure my torrent client to cease all communication when the VPN is not enabled? Or maybe a way to temporarily configure only a single application (my Internet browser) to communicate outside of the Network Lock? Thanks.

Eddie IS without a doubt leaking lastpass connections to the web through the vpn. Eddie is still using the 2.4.3 client; though seeing eddie is a big program it could be some other function of Eddie. Using OpenVPN 2.4.5 solves this leakage. So, OpenVPN 2.4.5 it is. Here is a screenshot of the leak inside Wireshark. https://ibb.co/jgdQqH https://image.ibb.co/gzbBVH/Leaks_using_Eddie.png

Hi, I have been happily using AirVPN with the same config for a few years. But today, I just realized that my real IP has probably been exposed for a few days. I restarted openvpn and everything is now back to normal, but I would like to avoid that in the future, and I would appreciate any relevant advice. I use an up to date Debian 9, and openvpn from the official packages. I created the config with the AirVPN configurator, and I added these lines, in order to automatically restart a stalled connection, and to have stats : ping 10 ping-restart 60 remap-usr1 SIGHUP status openvpn-status.log What follows are excerpts from the syslog. It started like this: [Altarf] Inactivity timeout (--ping-restart), restarting /sbin/ip route del 62.102.xxx.xxx/32 /sbin/ip route del 0.0.0.0/1 /sbin/ip route del 128.0.0.0/1 Closing TUN/TAP interface /sbin/ip addr del dev tun0 10.4.xxx.xxx/16 SIGHUP[soft,ping-restart] received, process restarting Inactivity timeout is always working well. But not this time: RESOLVE: Cannot resolve host address: europe.vpn.airdns.org:443 (Temporary failure in name resolution) The resolving problems lasts for half an hour. After that, inactivity was still detected, restarting every minute : [uNDEF] Inactivity timeout (--ping-restart), restarting After one hour hour after, I see this message : [server] Peer Connection Initiated with [AF_INET]213.152.xxx.xxx:443 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) AUTH: Received control message: AUTH_FAILED SIGTERM received, sending exit notification to peer SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) SIGTERM[soft,exit-with-notification] received, process exiting From now on, openvpn did not retry to connect, and my reaI IP is exposed. It was 4 days ago. How can I avoid such a behavior, so that my real IP is hidden, even if something like this happens again?

Is it an issue that I can see a local ip here? I know I can disable WebRTC, but I use it. It seems to me like it gets routed through vpn, since it changes when I disconnect. And I don't leak my real, public IP behind VPN from what I can see. Is this safe (pics) or am I leaking? Btw I use Ubuntu 16.04 and Eddie 2.13.6 with network lock enabled. Some help would be appreciated!

This may be a newb question, but I need to satisfy my curiosity. Whenever I fire up a VPN connection, I like to check with www.ipleak.net to make sure everything is on the up & up after connecting. I've noticed that on the results page, it shows "IPv6 test not reachable", which I assume means that the Eddie client is doing it's job and disabling IPv6 when connecting. I then see that under "DNS Addresses" it's show 2 servers, One using an IPv4 IP address and the other using an IPv6 address, but of course these two addresses are connected to the VPN IP address I've been assigned. This tells me that there is no DNS leaking going on. I've only witnessed this situation when using AirVPN's servers and the Eddie client (as opposed to, for example, using another VPN service and their connection client). I attached a screencap to show what I am talking about: So, after my long-winded explanation of the issue, here's my question. Because it is showing two DNS servers, and one being a IPv6 server, is this a potential leak for IPv6 traffic since the test is able to connect to this particular server? Is it also possible for it to be a DNS leak, even though it is obviously associated with VPN server that gave me this particular IP address? I'm wondering about this simply because when I use other VPN providers and check ipleak.net, it only shows the one DNS server (IPv4) with the same IP address as the one issued to me by the VPN server. This would lead me to believe that my VPN connection is correctly blocking leaks and using DNS servers provided by the VPN service. Any help with this would be greatly appreciated, and of course, please don't hesitate to ask if I need to clarify any information.

Hi I tried accessing some torrent sites in the UK yesterday while using AirVPN (Eddie client, connected to Atik, Netherlands server) and they still seemed to be blocked "by the high court" which led me to believe that somehow the VPN isn't working on that there's a leak as it's seeing that I'm in the UK. So I went to https://www.dnsleaktest.com/ and it says I'm in the Netherlands, which seems correct as that's the server I've connected to but then when I do the standard test, it shows me 4 servers with my country and ISP provider. I have enabled Network Lock at startup in the preferences but that doesn't seem to change anything. Is there something else I should be doing? Sorry I'm new to this. Why would I not be able to access these sites if I'm connected to the Netherlands where they're not blocked? Thanks. EDIT: El Capitan, not Mavericks!

Hi. My ISP assigns me an IPv4 and v6 address. v4 seems to be tunneled fine, but IPv6 still yields my own IP. I.e. when I visit https://ipleak.net/ I see the VPN address for ipv4, but still my own ipv6 address. I'm using the official client on Windows 7, where I tried both settings in "advanced": None and Disabled. Both yield the same result. Any input?

I recently upgraded to latest Ubuntu Version and just found out I'm leaking DNS. Even though I'm using Eddie v2.12.4 with network lock enabled. I tried to add block-outside-dns to ovpn directives in Eddie settings but I'm still leaking DNS. Didn't read correct, this works only in Windows. edit: I tried to use OpenVPN with a config file and DNS push with resolvconf instead of Eddie with same results. Still leaking DNS. Tried to use a VM with Ubuntu 16.10 configured DNS push and had no leaks. So I guess something is wrong with resolvconf in Ubuntu 17.04. edit2: Seems to be a Ubuntu 17.04 problem. Many users seem to have problems with DNS. Still looking for help here. If anyone has an idea. Since this is no Eddie specific problem please push this topic to the right subforum.

Hello everyone! I am using AirVPN on Fedora 25 and the first week it worked perfectly. But, as I got a router (D-Link DIR-868L) this week I have started noticing DNS Leaks occurring now and then, and if I bypass the router by connecting straight to wall the DNS leaks go away. It doesn't seem to matter what way I have of connecting to the VPN, I have tried Gnome-Network-Manager, Eddie and using the terminal and it is all the same. How can I fix this?

So I've just installed the AirVPN client and got it to work without any troubles, every setting is set on default. But sadly after running a test on doileak.com (can't connect to doileak.net ??) I see instances of DNS requests originating from my ips. I use Firefox which according to the test is not suffering from an WebRTC IP Leak. When checking the ethernet connections like the TAP-Windows Adapter V9 IPV4 settings I do see its working with a preferred DNS server adress. Changing this to obtaining a DNS server address automatically did not solve the issue. Neither after a pc restart. I have no idea how to solve this. (ps. I confused doileak.com with ipleak.net, so yeah of course I cannot connect to doileak.net )

Hello, I'm using "OpenVPN Settings" on Android, because of an unfixed bug of Android which completely prevents me from using OpenVPN for Android. So I am sorry that I cannot use the recommended app. I created an "Android" config file in the client area, but my first problem is that "/sbin/ip" was not found: iproute was at "/system/bin/ip" instead. I figured out that adding `iproute /system/bin/ip` to my ovpn config file fixed this. Now the openvpn successfully connects either from terminal using `openvpn <filename.ovpn` or using OpenVPN Settings app. But, my browser is still going straight to the web from my mobile network. My IP address is still my normal IP address when I look it up, though OpenVPN logs appear normal and successfully connected. I have tried adding 'redirect-gateway' to the config file but it doesn't work. I would love some support making this connection successful and secure as I would like to use my phone through VPN only for some tasks. I have attached my logs. Thanks!

I have been using airvpn for a while and only recently realized that I have been leaking my ipv6 address... So, I want here to resurrect an earlier thread related to ipv6 leaking (https://airvpn.org/topic/18108-ipv6-leak/.) I experience the exact same problem. Under linux (Mint 18) I disabled IPV6 on my machine (by adding the following in /etc/sysctl.conf # disable ipv6 altogether net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1) AND selected the advanced AirVPN client option to disable IPV6. Still, visiting https://ipleak.net shows that my ipv6 is leaked. Selecting the network lock is only way to avoid the leak. I consider this problem a real issue...

Hello, This is probably a config issue from a network noob. I believe my browser traffic is going through AirVPN because I cannot get to any site without the client active. But pings, tracert and some updates (COMODO firewall) show traffic without it up. I am using the TAP9 adapter. Does this mean I have a leak? Part 2 I also play video games through Steam - I don't think I need a vpn - can I buy pass it? If so - how? Thanks, Mr. V

Hello! I found an issue... When using the Testpage of AirVPN for DNS- and WebRTC-Leaks (www.ipleak.net) it's actually not showing WebRTC-Leaks, although they are there! Under circumstances this can cause serious trouble for the VPN-Users, because when they don't see any leaks, most of them will be sure that there are no leaks - but that can be very false! I discovered clear WebRTC-Leaks on a Windows7-machine + up-to-date Firefox; but ipleak.net only showed me the internal IP leaks! (which are actually not dangerous) I opened 2 Firefox-Windows while connected to a AirVPN-Server and while ipleak.net didn't show real-IP leaks, at the same moment another site clearly showed these WebRTC-leaks (GitHub)! As you can see on the screenshot ipleak.net doesn't show anything suspicious, but Github shows all the leaks including my real Provider-IP + all internal Network IP's; so actually EVERYTHING was leaking and totally broke the anonymity of AirVPN in my Browser! Now I want to know why ipleak.net provides WebRTC-leak-detecion, when it actually not working at all (also tested on Linux!) Try it yourself and you will see what I mean: 1. https://ipleak.net/ 2. https://diafygi.github.io/webrtc-ips/ Please also check my screenshot below! Btw. you can fix that leak easily in your Firefox-Settings! Answers are welcome! regards, me

Hi, i have a RPI3 with Libraelec on it and I'm currently using this addon: brianhornsby.com/kodi_addons/openvpn to setup openvpn with the airvpn config file. Works perfectly but there is the problem of DNS leaks. Currently it's using my ISP's DNS since its configured by dhcp in the Libraelec config/settings. I searched for answers for hours now and found these options: 1) https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/ Problem here: no resolvconf package or openresolv package is installed & /etc/resolv.conf is read-only -> not working 2) i connect through my ISPs DNS to the VPN and then switch to 10.4.0.1 via libraelec settings -> not working 3) use opendns or opennic as my DNS -> want to use the vpn dns though Is there a solution i'm overlooking or does solution 1) work? Thanks in advance

When VPN connected from San Francisco area via Comcast ISP to Germany IPLeak.net in Chrome browser shows the following: IP 213.152.162.84 WebRTC 213.152.162.84 DNS Addr Det. US 162.242.211.137 Germany 78.46.223.24 I was surprised to see a US DNS address. With NSLookup 162.242.211.137 showed as a non-existent domain trying to resolve with OpenDNS in my home NAT router. But I can ping that IP address. In the Chrome browser I am using the WebRTC Leak Prevent addon. I think WebRTC is ok since it only shows my IP address in Germany.

Is this a misconfiguration issue? I observed via tcpdump on eth+, Noscript's ABE feature causing 10.x.x.x to contact the Air server ip on port 80 -- outside the tunnel. Then the Air external server replied outside tunnel -- port 80 -- to 10.x.x.x. This should not happen. Correct? This occurred during the usual back and forth to informaction.com and the OCSP response for Noscript's certificate. Additionally I have my firewall configured so that my local interface *only* connects to the modem/router and Air server ips. It's the AirVPN recommended firewall settings for linux. Anyone else experienced this?

As soon as i used last version of Eddie, ​I got a heavy unwanted traffics come into my fresh windows VM. By tracing the mentioned traffic back, I found they are connected to the notorious and discredited big data seller companies. ​ ​Such as: ​Hosting Services Inc​Amanah Tech Inc​Leaseweb​Softlayer Technologies IncZAO Russian Telecommunicatoions Group​Deepak Mehta FIE​YesUp E-Commerce Solutions Incand tons of other third party companies. My question is why by using your VPN client I'll revived this much traffic on ICMP protocol, but by using OpenVPN in exact same server I won't get any? Are you selling/renting/trading our information? Will we a part of big botnet by using your client VPN version? ​ ​I (we) need a clear official answer. Privacy is matter.